Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Asian organisations need to do more to reduce insider threats

Nayela Deeba | June 2, 2017
Panellists at the Computerworld Singapore Security Summit 2017 share what else organisations need to do to enhance cybersecurity.

PD
(From left to right) UBS' Christian Karam, Sudhir Panda, SIT's Steven Wong, and SMU's Lau Kai Cheong at Computerworld Singapore Security Summit 2017 panel discussion

Ransomware has been a highly discussed topic by IT professionals and a bugging issue in the security landscape for years. The topic once again rose to prominence due to the recent WannaCry attack.

But ransomware is only one area of cybersecurity that IT/security professionals need to worry about.

 "Insider threats is [another area] which needs to be addressed across organisations", said Sudhir Panda, associate director, digital analytics, at a financial institution, during the panel discussion at the Computerworld Singapore Security Summit 2017.

 "A lot of employees are not aware how to make data more secure. [Even if] there are mandatory trainings to ensure employees have some sort of awareness, there is no follow up once the training is over. So what [IT/cybersecurity teams] need to do is to use data to constantly monitor and engage employees to make sure they give inputs so that we can improve our security processes," he added.

Agreeing with him, Steven Wong, associate professor and programme director at Singapore Institute of Technology suggested "creating awareness at a young age to drive security as a habit." He said that doing so will help solve certain security problems so that they will not recur in future.

When asked how IT/cybersecurity teams can strengthen their cyberdefence in general, Lau Kai Cheong, chief information officer, Singapore Management University (SMU), suggested using artificial intelligence and advanced analytics to spot advanced persistent threats (APTs) and malware hidden in the networks.

Meanwhile, Christian Karam, director of Cyber Threat Intelligence, UBS, highlighted the importance of patching systems and/or replacing outdated machines with newer ones to decrease the chances of being hacked.

Karam and Panda also encouraged IT and cybersecurity teams to continue educating internal employees about cybersecurity. They can do so by deploying fake phishing emails or through gamification.

As for Wong, he strongly urged IT and cybersecurity teams to ensure that they have an effective incident response plan because getting breach is beyond control.

--

Other stories from the Computerworld Security Summit Series 2017:

 

Sign up for CIO Asia eNewsletters.